Tuesday, February 10, 2009

Storm is dead ... long live storm

Today I looked at a Valentine's Day eCard scam, and it was like unexpectedly bumping into an old friend...


I got this URL, yourgreatlove.com (**** DON'T GO THERE!!!!! IT MIGHT BE STILL LIVE AND DANGEROUS ****), from the Malwarebytes forum (malwarebytes.org/forums/index.php?showtopic=11109), and given that it was Valentine's Day malware, I thought I'd take a closer look, and I saw this screen...





I thought "That's Storm!... Haven't seen that for ages". Now, it might well have been around and I just haven't been paying attention, and I'm pretty sure it's what most people call the Waledac botnet, but it was fun to think "Oh, I know what you are!"

They've updated their crypto and their exploit set, but they still try to trick you into downloading something if the exploits don't get you first, and here's the current exploit list that they throw, hoping something will stick ...

Outlook Application
Vis Studio
MS Dbg Clr
Vis Studio DTE
D.Explore
Vis Studio
Microsoft Update Web Control
Outlook Data Object
Business Object Factory
MDAC
NCT Audio File
Yahoo webcam/Messenger - June 2007
Real Player - March 2008
Creative Labs - May 2008
CA List Ctrl
Yahoo webcam - June 2007
Kingsoft update ocx - Apr 2008
MySpace uploader ocx - Feb 2008
WebEx mtg manager - Aug 2008

Of course, if they nail you, you become part of the botnet, as well as giving up your identity and bank account.

Anyway, it was a deja vu moment. These guys show a pretty fair understanding of current events, and US holidays, so the next thing we'll probably see is an Easter version, unless something newsworthy happens... disaster photos of Australian bushfires maybe?

Keep safe folks,

Roger

OFFTOPIC - REQUEST FOR HELP
Folks,
My wife and son have managed to get a song in the final 15 for the annual NSAI Country Music Television awards. This is out of several thousand entries. They have two chances to win. The first is the judged portion, which is conducted by CMT.com themselves, but the second is a public vote. It's a big opportunity for them.

Their song is "I found everything" by Kate and Ben Thompson, and you can vote for them (as often as you'd like) at http://nsai.cmt.com . I've resisted the temptation to enlist a botnet :-) but would like to help them win.

Please consider voting for them, and please ask five of your friends to.

:-)

Thanks in advance

Roger
